As soon as you finish developing and testing your Safe App, you can already let some actual users test it by simply sending them the link to the hosted Safe App and asking them to add it as a Custom App. This guide explains how to add custom apps.
If you would like your Safe App to appear in the Safe, it must meet the following criteria:
1) Smart contracts must be audited
Security it's a top priority. If your Safe App includes smart contracts of your own you should provide an external audit result document. If smart contracts were created by a 3rd party you should be using smart contracts that are properly audited.
2) Your Safe App must include a manifest.json file at the root containing the following data:
"name": "Name of your Safe App"
Your Safe App's name, maximum 50 characters.
A relative file path to your App's logo. The icon must be a square SVG image of at least 128 by 128 pixels.
"description": "This is the Safe app description."
Few sentences describing your application, maximum 200 characters
3) The app auto-connects to the Safe
When an user opens the app, it should automatically select the Safe as a wallet. Ensure to check the case if the user previously opened the app outside of the Safe with another wallet.
4) The Safe team has reviewed the Safe App
The requirement doesn't apply for battle-tested applications hosted on the same domain like the main dApp.
While we won't be able to do a proper audit for your Safe App, we still would like to look at the source code to raise issues or suggest improvements. So whether your Safe App is open or closed source, please send us either a link to the public repo or an invitation to the private code repository.
We also would like to make a rough functional review of the App, so please provide us with a high-level test plan/feature list that allows our QA team to make sure everything works as intended in production. Video walkthroughs are also welcome.
5) Help us decode your Safe App transactions
We want to display interactions with Safe Apps as human-readable as possible. To do this, we need the contract ABI of the contracts that your Safe App interacts with. The ideal way to do this would be to verify your contracts via Sourcify, which we can leverage to decode transactions interacting with those contracts.
Alternatively, you can provide us with the ABIs as JSON files or the links to the verified contracts on Etherscan, so we can implement transaction decoding for your Safe App interactions.
After we have reviewed and integrated your Safe App, the App will first be available in the staging environment of the Safe for you to do a final review. We would then approach you to coordinate the launch and a joint announcement.
Once your app is live, even if you are running it locally, you can import it to the Safe application as a custom app. To do so, you should select the "Apps" tab:
Add custom appbutton and add your app using a link: